summaryrefslogtreecommitdiffstats
path: root/iptables/tests/shell/run-tests.sh
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/tests/shell/run-tests.sh')
-rwxr-xr-xiptables/tests/shell/run-tests.sh73
1 files changed, 71 insertions, 2 deletions
diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh
index d71c1372..11256905 100755
--- a/iptables/tests/shell/run-tests.sh
+++ b/iptables/tests/shell/run-tests.sh
@@ -4,9 +4,23 @@
TESTDIR="./$(dirname $0)/"
RETURNCODE_SEPARATOR="_"
+usage() {
+ cat <<EOF
+Usage: $(basename $0) [-v|--verbose] [-H|--host] [-V|--valgrind]
+ [[-l|--legacy]|[-n|--nft]] [testscript ...]
+
+-v | --verbose Enable verbose mode (do not drop testscript output).
+-H | --host Run tests against installed binaries in \$PATH,
+ not those built in this source tree.
+-V | --valgrind Enable leak checking via valgrind.
+-l | --legacy Test legacy variant only. Conflicts with --nft.
+-n | --nft Test nft variant only. Conflicts with --legacy.
+testscript Run only specific test(s). Implies --verbose.
+EOF
+}
+
msg_error() {
echo "E: $1 ..." >&2
- exit 1
}
msg_warn() {
@@ -19,10 +33,12 @@ msg_info() {
if [ "$(id -u)" != "0" ] ; then
msg_error "this requires root!"
+ exit 77
fi
if [ ! -d "$TESTDIR" ] ; then
msg_error "missing testdir $TESTDIR"
+ exit 99
fi
# support matching repeated pattern in SINGLE check below
@@ -46,6 +62,14 @@ while [ -n "$1" ]; do
NFT_ONLY=y
shift
;;
+ -V|--valgrind)
+ VALGRIND=y
+ shift
+ ;;
+ -h|--help)
+ usage
+ exit 0
+ ;;
*${RETURNCODE_SEPARATOR}+([0-9]))
SINGLE+=" $1"
VERBOSE=y
@@ -53,6 +77,7 @@ while [ -n "$1" ]; do
;;
*)
msg_error "unknown parameter '$1'"
+ exit 99
;;
esac
done
@@ -67,6 +92,50 @@ else
XTABLES_LEGACY_MULTI="xtables-legacy-multi"
fi
+printscript() { # (cmd, tmpd)
+ cat <<EOF
+#!/bin/bash
+
+CMD="$1"
+
+# note: valgrind man page warns about --log-file with --trace-children, the
+# last child executed overwrites previous reports unless %p or %q is used.
+# Since libtool wrapper calls exec but none of the iptables tools do, this is
+# perfect for us as it effectively hides bash-related errors
+
+valgrind --log-file=$2/valgrind.log --trace-children=yes \
+ --leak-check=full --show-leak-kinds=all \$CMD "\$@"
+RC=\$?
+
+# don't keep uninteresting logs
+if grep -q 'no leaks are possible' $2/valgrind.log; then
+ rm $2/valgrind.log
+else
+ mv $2/valgrind.log $2/valgrind_\$\$.log
+fi
+
+# drop logs for failing commands for now
+[ \$RC -eq 0 ] || rm $2/valgrind_\$\$.log
+
+exit \$RC
+EOF
+}
+
+if [ "$VALGRIND" == "y" ]; then
+ tmpd=$(mktemp -d)
+ msg_info "writing valgrind logs to $tmpd"
+ # let nobody write logs, too (././testcases/iptables/0008-unprivileged_0)
+ chmod 777 $tmpd
+ printscript "$XTABLES_NFT_MULTI" "$tmpd" >${tmpd}/xtables-nft-multi
+ printscript "$XTABLES_LEGACY_MULTI" "$tmpd" >${tmpd}/xtables-legacy-multi
+ trap "rm ${tmpd}/xtables-*-multi" EXIT
+ chmod a+x ${tmpd}/xtables-nft-multi ${tmpd}/xtables-legacy-multi
+
+ XTABLES_NFT_MULTI="${tmpd}/xtables-nft-multi"
+ XTABLES_LEGACY_MULTI="${tmpd}/xtables-legacy-multi"
+
+fi
+
find_tests() {
if [ ! -z "$SINGLE" ] ; then
echo $SINGLE
@@ -129,4 +198,4 @@ failed=$((legacy_fail+failed))
msg_info "combined results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))"
-exit 0
+exit -$failed